trackinheads_methods (1)[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

trackinheads_methods (1).rar
Size

48.0MB
MD5

bb5a1a6158c19fcf367e9826b630f010
SHA1

65a3d7e4e48bddf6da9fedeecd247d6e63df2899
SHA256

b5e47428a639ee990d7000b60ff2705a303b0c3c7018138d7b24c47378e102d2
SHA512

a90bd06fb58235b1934748d25ceaf251ce533c7806d4e82711c05e698feb02c89119a5f149b6a6cea858385b887b80d197bd81908ac1546e4cb3ac6ca0653e79
SSDEEP

1572864:DhTR7mVMtx8DEi59pf4jckTODl+8fXPICpM:DBRqVMtxOEi5Tf4d8+YBM

Score

9^/10

upx pyinstaller

Malware Config

Signatures

Detected Nirsoft tools 21 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
static1/unpack001/valid_methods/AlternateStreamView.exe	Nirsoft
static1/unpack001/valid_methods/AppCompatibilityView.exe	Nirsoft
static1/unpack001/valid_methods/AppReadWriteCounter.exe	Nirsoft
static1/unpack001/valid_methods/BrowsingHistoryView.exe	Nirsoft
static1/unpack002/out.upx	Nirsoft
static1/unpack003/out.upx	Nirsoft
static1/unpack004/out.upx	Nirsoft
static1/unpack001/valid_methods/EventLogChannelsView.exe	Nirsoft
static1/unpack001/valid_methods/ExecutedProgramsList.exe	Nirsoft
static1/unpack001/valid_methods/FolderTimeUpdate.exe	Nirsoft
static1/unpack006/out.upx	Nirsoft
static1/unpack001/valid_methods/LastActivityView.exe	Nirsoft
static1/unpack001/valid_methods/LiveTcpUdpWatch.exe	Nirsoft
static1/unpack007/out.upx	Nirsoft
static1/unpack008/out.upx	Nirsoft
static1/unpack009/out.upx	Nirsoft
static1/unpack001/valid_methods/NetworkUsageView.exe	Nirsoft
static1/unpack001/valid_methods/PreviousFilesRecovery.exe	Nirsoft
static1/unpack001/valid_methods/USBDeview.exe	Nirsoft
static1/unpack001/valid_methods/WhatInStartup.exe	Nirsoft
static1/unpack001/valid_methods/WinPrefetchView.exe	Nirsoft

UPX packed file 13 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/valid_methods/CProcess.exe	upx
static1/unpack001/valid_methods/ChromeCacheView.exe	upx
static1/unpack001/valid_methods/ChromeCookiesView.exe	upx
static1/unpack001/valid_methods/ImageCacheViewer.exe	upx
static1/unpack001/valid_methods/MUICacheView.exe	upx
static1/unpack001/valid_methods/MZCacheView.exe	upx
static1/unpack001/valid_methods/MyLastSearch.exe	upx
static1/unpack001/valid_methods/RecentFilesView.exe	upx
static1/unpack001/valid_methods/RegScanner.exe	upx
static1/unpack001/valid_methods/ShellBagsView.exe	upx
static1/unpack001/valid_methods/UserAssistView.exe	upx
static1/unpack001/valid_methods/VideoCacheView.exe	upx
static1/unpack001/valid_methods/WebCacheImageInfo.exe	upx

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/valid_methods/DRE-Files.exe	pyinstaller

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
unpack001/valid_methods/BrowsingHistoryView.exe
unpack001/valid_methods/CProcess.exe
unpack002/out.upx
unpack003/out.upx
unpack001/valid_methods/ChromeCookiesView.exe
unpack004/out.upx
unpack001/valid_methods/DRE-Files.exe
unpack001/valid_methods/DeathRun_Scan.exe
unpack006/out.upx
unpack001/valid_methods/JournalTrace.exe
unpack001/valid_methods/MUICacheView.exe
unpack007/out.upx
unpack008/out.upx
unpack009/out.upx
unpack001/valid_methods/UserAssistView.exe
unpack001/valid_methods/WinDefThreatsView.exe

Files

trackinheads_methods (1).rar
.rar
valid_methods/AlternateStreamView.exe
.exe windows:4 windows x64 arch:x64

5687dd5c985b7ec94db31a8dd21988eb

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b9:fe:9a:bf:a1:50:99:c0:e4:54:ec:23:54:73:0c:f2:0b:0b:e3:98
Signer

Actual PE Digest

b9:fe:9a:bf:a1:50:99:c0:e4:54:ec:23:54:73:0c:f2:0b:0b:e3:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\AlternateStreamView\x64\Release\AlternateStreamView.pdb

Imports

msvcrt

_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
__setusermatherr
__C_specific_handler
_onexit
__dllonexit
_wcslwr
strlen
memmove
wcsrchr
_commode
_fmode
__set_app_type
_XcptFilter
malloc
_memicmp
_wcsicmp
free
modf
memcmp
wcstoul
_itow
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_purecall
_wtoi
wcslen
memset
wcscpy
wcscmp
wcschr
memcpy
wcscat
_snwprintf
wcsncat

comctl32

ImageList_AddMasked
ord17
ImageList_Create
ImageList_SetImageCount
CreateToolbarEx
CreateStatusWindowW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetCurrentProcess
GetCurrentProcessId
ExitProcess
CreateProcessW
GlobalFree
SetErrorMode
DeleteFileW
EnumResourceNamesW
GetPrivateProfileIntW
ReadProcessMemory
OpenProcess
EnumResourceTypesW
GetStartupInfoW
LoadLibraryW
WritePrivateProfileStringW
GetPrivateProfileStringW
WriteFile
GetFileAttributesW
CreateFileW
GetProcAddress
CloseHandle
ExpandEnvironmentStringsW
GetModuleHandleW
ReadFile
CompareFileTime
FileTimeToSystemTime
FreeLibrary
SystemTimeToFileTime
FindResourceW
GetModuleFileNameW
LoadResource
GetWindowsDirectoryW
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GlobalAlloc
LoadLibraryExW
GetSystemDirectoryW
lstrlenW
LocalFree
GetNumberFormatW
WideCharToMultiByte
LockResource
lstrcpyW
SetFileAttributesW
GlobalUnlock
GetTempPathW
GetLocaleInfoW
GetDateFormatW
GetTempFileNameW
GlobalLock
SizeofResource
GetFileSize
GetLastError
FormatMessageW
FindFirstFileW
GetVersionExW
FindNextFileW
FindClose
GetTimeFormatW

user32

GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
DrawTextExW
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetWindowTextW
UpdateWindow
IsDialogMessageW
BeginPaint
GetDlgItemTextW
GetClientRect
GetSystemMetrics
DeferWindowPos
CreateWindowExW
SendDlgItemMessageW
EndDialog
GetWindowRect
GetDlgItem
GetDlgItemInt
InvalidateRect
EndPaint
GetWindow
DrawFrameControl
SetDlgItemInt
GetWindowPlacement
GetForegroundWindow
LoadAcceleratorsW
DefWindowProcW
SendMessageW
RegisterClassW
PostMessageW
MessageBoxW
SetMenu
TranslateAcceleratorW
SetWindowPos
LoadImageW
PeekMessageW
DispatchMessageW
TranslateMessage
GetWindowLongW
SetWindowLongW
SetFocus
EndDeferWindowPos
BeginDeferWindowPos
CloseClipboard
GetMenu
GetParent
EmptyClipboard
GetDC
EnableMenuItem
ReleaseDC
GetClassNameW
MoveWindow
OpenClipboard
GetSubMenu
GetMenuItemCount
CheckMenuItem
GetCursorPos
GetMenuStringW
SetClipboardData
GetSysColor
EnableWindow
MapWindowPoints
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyIcon
LoadIconW
SetDlgItemTextW

gdi32

DeleteObject
GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
SelectObject
SetTextColor
CreateFontIndirectW
SetBkMode

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW

shell32

SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
ShellExecuteExW
ShellExecuteW
SHBrowseForFolderW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
valid_methods/AppCompatibilityView.exe
.exe windows:4 windows x86 arch:x86

d78ccdb172ccf7d0b2e0ac4925dc1b6a

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:f2:aa:bb:7f:53:25:0d:77:b2:3d:cc:30:08:67:0e:f1:02:4e:b4:7b:bb:f4:4d:eb:2c:47:b5:27:a7:28:11
Signer

Actual PE Digest

fe:f2:aa:bb:7f:53:25:0d:77:b2:3d:cc:30:08:67:0e:f1:02:4e:b4:7b:bb:f4:4d:eb:2c:47:b5:27:a7:28:11

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\AppCompatibilityView\Release\AppCompatibilityView.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
__p__fmode
_c_exit
_onexit
__dllonexit
qsort
_purecall
_wcslwr
strlen
_itow
_wcsnicmp
memmove
_wtoi
__set_app_type
_controlfp
_except_handler3
_exit
_memicmp
memcmp
wcstoul
wcsrchr
malloc
wcscmp
wcschr
free
modf
??2@YAPAXI@Z
??3@YAXPAX@Z
wcslen
memcpy
memset
_wcsicmp
wcscpy
wcscat
_snwprintf
wcsncat

comctl32

ImageList_Create
ord17
ImageList_Add
ImageList_SetImageCount
ImageList_AddMasked
CreateStatusWindowW
CreateToolbarEx
ImageList_ReplaceIcon

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

ReadProcessMemory
GetCurrentProcess
ExitProcess
GetCurrentProcessId
SetErrorMode
OpenProcess
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
LoadLibraryExW
DeleteFileW
ExpandEnvironmentStringsW
GetStdHandle
GetTickCount
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
WideCharToMultiByte
GetTempPathW
GetLastError
FindNextFileW
SizeofResource
GlobalLock
GetTempFileNameW
FormatMessageW
FindClose
GetFileSize
GetVersionExW
FindFirstFileW
CloseHandle
GetWindowsDirectoryW
GetFileAttributesW
ReadFile
WriteFile
GetModuleFileNameW
LockResource
CreateFileW
LocalFree
FindResourceW
LoadResource
lstrcpyW
lstrlenW
GlobalAlloc
GlobalUnlock
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW

user32

MonitorFromWindow
GetMonitorInfoW
SetCursor
ReleaseDC
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
GetDC
DrawTextExW
GetWindow
EndDialog
SetWindowLongW
GetDlgItem
GetWindowRect
GetDlgItemInt
DrawFrameControl
SetWindowTextW
InvalidateRect
UpdateWindow
SetWindowPlacement
SendMessageW
EndPaint
SetDlgItemTextW
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
BeginPaint
DeferWindowPos
GetClientRect
CreateWindowExW
SetWindowPos
LoadAcceleratorsW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
SetMenu
LoadImageW
LoadIconW
GetSysColor
GetWindowLongW
SetFocus
EmptyClipboard
EnableMenuItem
GetClassNameW
OpenClipboard
MoveWindow
GetMenuStringW
CheckMenuItem
GetMenuItemCount
CloseClipboard
CheckMenuRadioItem
GetCursorPos
GetParent
SetClipboardData
EnableWindow
MapWindowPoints
GetMenu
GetSubMenu
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
GetDesktopWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
DestroyIcon
BeginDeferWindowPos
GetKeyState
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
DispatchMessageW
IsDialogMessageW
TranslateMessage
EndDeferWindowPos
SendDlgItemMessageW

gdi32

DeleteObject
GetDeviceCaps
SetBkMode
GetStockObject
GetTextExtentPoint32W
SetBkColor
CreateCompatibleBitmap
SetStretchBltMode
StretchBlt
GetObjectW
GetPixel
DeleteDC
SetPixel
SelectObject
CreateCompatibleDC
SetTextColor
CreateFontIndirectW

comdlg32

FindTextW
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegDeleteValueW
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegSetValueExW
RegCloseKey

shell32

DragFinish
DragQueryFileW
DragAcceptFiles
ShellExecuteExW
ShellExecuteW
SHGetFileInfoW

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
valid_methods/AppReadWriteCounter.cfg
valid_methods/AppReadWriteCounter.exe
.exe windows:4 windows x64 arch:x64

d5309dcabae4629d63f2b007b4cd884b

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:12:0b:0c:86:d6:98:a5:84:46:4e:b2:67:cc:c3:0e:ae:77:65:ee:21:8f:e3:48:b8:5c:fe:0b:af:c0:dd:6a
Signer

Actual PE Digest

59:12:0b:0c:86:d6:98:a5:84:46:4e:b2:67:cc:c3:0e:ae:77:65:ee:21:8f:e3:48:b8:5c:fe:0b:af:c0:dd:6a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\AppReadWriteCounter\x64\Release\AppReadWriteCounter.pdb

Imports

msvcrt

__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_initterm
__dllonexit
_wcslwr
strlen
qsort
_itow
_wcsnicmp
memmove
malloc
free
modf
__setusermatherr
_commode
_fmode
__set_app_type
_onexit
wcschr
wcsrchr
wcstoul
wcscmp
_memicmp
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memcpy
wcslen
_wtoi
memcmp
_purecall
_wcsicmp
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_Add
ImageList_Create
ord17
ImageList_SetImageCount
CreateToolbarEx
CreateStatusWindowW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

Process32FirstW
GetCurrentProcessId
ExitProcess
ReadProcessMemory
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
EnumResourceTypesW
GetStartupInfoW
SizeofResource
DeleteFileW
SetErrorMode
Sleep
ExpandEnvironmentStringsW
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
GetSystemTimeAsFileTime
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleW
FormatMessageW
GetLastError
GetTickCount
GetVersionExW
GetTimeFormatW
FindResourceW
GetFileAttributesW
WriteFile
LoadResource
SystemTimeToTzSpecificLocalTime
ReadFile
LoadLibraryExW
GetModuleFileNameW
CreateFileW
GlobalAlloc
GetSystemDirectoryW
CloseHandle
GetDateFormatW
GetWindowsDirectoryW
GetTempFileNameW
WideCharToMultiByte
FileTimeToLocalFileTime
GetCurrentProcess
lstrlenW
GetNumberFormatW
GetFileSize
LockResource
LocalFree
GlobalUnlock
GetLocaleInfoW
lstrcpyW
GlobalLock
GetTempPathW
GetPrivateProfileStringW
WritePrivateProfileStringW
EnumResourceNamesW
GetPrivateProfileIntW
GetStdHandle

user32

SetForegroundWindow
GetMonitorInfoW
GetDC
ReleaseDC
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SendDlgItemMessageW
MonitorFromWindow
EndDialog
GetDlgItem
DrawFrameControl
SetWindowTextW
UpdateWindow
InvalidateRect
SendMessageW
GetWindowRect
SetDlgItemTextW
GetDlgItemInt
SetWindowLongPtrW
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
SetWindowPlacement
EndPaint
DeferWindowPos
BeginPaint
CreateWindowExW
GetClientRect
SetMenu
TranslateAcceleratorW
SetWindowPos
GetForegroundWindow
LoadAcceleratorsW
DefWindowProcW
RegisterClassW
PostMessageW
MessageBoxW
LoadIconW
LoadImageW
GetWindowLongW
DestroyIcon
GetSysColor
SetWindowLongW
SetFocus
GetMenuItemCount
SetClipboardData
EnableWindow
MapWindowPoints
GetCursorPos
CheckMenuRadioItem
GetMenuStringW
MoveWindow
CloseClipboard
GetMenu
GetParent
EmptyClipboard
EnableMenuItem
OpenClipboard
GetClassNameW
CheckMenuItem
GetSubMenu
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
GetKeyState
KillTimer
DispatchMessageW
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
IsDialogMessageW
GetMessageW
EndDeferWindowPos
TranslateMessage
SetTimer
BeginDeferWindowPos
DrawTextExW
GetWindow

gdi32

DeleteObject
GetTextExtentPoint32W
GetStockObject
SetBkColor
CreateCompatibleBitmap
StretchBlt
SetStretchBltMode
GetObjectW
DeleteDC
GetPixel
SetPixel
SelectObject
CreateCompatibleDC
SetTextColor
CreateFontIndirectW
GetDeviceCaps
SetBkMode

comdlg32

ChooseFontW
FindTextW
GetSaveFileNameW

advapi32

GetTokenInformation
OpenProcessToken

shell32

ShellExecuteExW
Shell_NotifyIconW
SHGetFileInfoW
ShellExecuteW

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
valid_methods/BrowserDownloadsView.cfg
valid_methods/BrowserDownloadsView.exe
.exe windows:4 windows x64 arch:x64

e14ba89e29655364d9f356529d89e0cc

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:27:ce:0c:26:20:15:7d:6c:5c:82:01:72:2b:2e:f7:d0:f7:b4:b8:05:44:c3:51:87:a2:f8:9b:59:0e:6e:64
Signer

Actual PE Digest

0e:27:ce:0c:26:20:15:7d:6c:5c:82:01:72:2b:2e:f7:d0:f7:b4:b8:05:44:c3:51:87:a2:f8:9b:59:0e:6e:64

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\BrowserDownloadsView\x64\Release\BrowserDownloadsView.pdb

Imports

msvcrt

_exit
_cexit
exit
_wcmdln
__wgetmainargs
_initterm
_endthreadex
strftime
_gmtime64
realloc
strcmp
_c_exit
qsort
_wcslwr
strlen
_wcsnicmp
memmove
wcschr
memcmp
wcstoul
wcsrchr
wcscmp
_stricmp
sprintf
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
malloc
swscanf
_memicmp
free
_wcsicmp
modf
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memcpy
_itow
_wtoi
_purecall
wcslen
wcscpy
memset
wcscat
_snwprintf
__setusermatherr
wcsncat
_commode
_fmode
__set_app_type
_wcsupr
_beginthreadex
_msize

comctl32

ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked
ImageList_SetImageCount
CreateToolbarEx
CreateStatusWindowW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

GetFullPathNameW
HeapValidate
UnlockFile
HeapCreate
CreateFileMappingA
GetFileAttributesA
WaitForSingleObject
LeaveCriticalSection
GetVersionExA
HeapFree
GetDiskFreeSpaceW
QueryPerformanceCounter
EnterCriticalSection
FlushViewOfFile
LockFile
GetTempPathA
GetFullPathNameA
GetSystemTime
CopyFileW
GetStartupInfoW
HeapDestroy
OutputDebugStringA
LockFileEx
GetCurrentThreadId
HeapAlloc
FileTimeToSystemTime
SystemTimeToFileTime
GetDriveTypeW
CompareFileTime
GetSystemTimeAsFileTime
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetTickCount
GlobalLock
GlobalAlloc
GlobalUnlock
GetWindowsDirectoryW
GetSystemDirectoryW
FileTimeToLocalFileTime
WideCharToMultiByte
MultiByteToWideChar
GetNumberFormatW
GetDateFormatW
lstrlenW
LockResource
GetTempFileNameW
LocalFree
GetCurrentProcess
lstrcpyW
GetLocaleInfoW
GetFileSize
GetTempPathW
LocalFileTimeToFileTime
SizeofResource
GetLastError
FindFirstFileW
FormatMessageW
SetFilePointer
GetVersionExW
FindNextFileW
GetTimeFormatW
FindClose
GetFileAttributesW
WriteFile
FindResourceW
TzSpecificLocalTimeToSystemTime
ReadFile
LoadResource
GetModuleFileNameW
SystemTimeToTzSpecificLocalTime
CreateFileW
CloseHandle
LoadLibraryExW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetPrivateProfileIntW
FreeLibrary
GetPrivateProfileStringW
EnumResourceNamesW
WritePrivateProfileStringW
GetStdHandle
GlobalFree
DeleteFileW
ResumeThread
CreateThread
ExpandEnvironmentStringsW
Sleep
SetErrorMode
CreateProcessW
GetCurrentDirectoryW
ExitProcess
GetCurrentProcessId
ReadProcessMemory
OpenProcess
EnumResourceTypesW
WaitForSingleObjectEx
GetDiskFreeSpaceA
AreFileApisANSI
DeleteFileA
OutputDebugStringW
HeapReAlloc
CreateFileA
UnlockFileEx
GetSystemInfo
GetProcessHeap
CreateMutexW
FlushFileBuffers
HeapCompact
FormatMessageA
InitializeCriticalSection
GetFileAttributesExW
SetEndOfFile
HeapSize
DeleteCriticalSection

user32

SetForegroundWindow
MonitorFromWindow
GetMonitorInfoW
DrawTextExW
GetMessageW
RegisterClipboardFormatW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
IsDialogMessageW
GetDC
ReleaseDC
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetWindowPos
GetWindow
SendDlgItemMessageW
EndDialog
GetDlgItem
DrawFrameControl
SetWindowTextW
UpdateWindow
SendMessageW
InvalidateRect
SetDlgItemTextW
GetWindowRect
GetDlgItemTextW
SetWindowLongPtrW
GetDlgItemInt
GetWindowPlacement
GetSystemMetrics
SetDlgItemInt
EndPaint
DeferWindowPos
BeginPaint
CreateWindowExW
GetClientRect
SetMenu
TranslateAcceleratorW
GetForegroundWindow
LoadAcceleratorsW
DefWindowProcW
RegisterClassW
PostMessageW
MessageBoxW
LoadImageW
DestroyIcon
GetSysColor
SetWindowLongW
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetParent
KillTimer
SetTimer
GetMenu
MoveWindow
EmptyClipboard
EnableMenuItem
GetClassNameW
OpenClipboard
GetSubMenu
CheckMenuItem
GetMenuItemCount
SetClipboardData
GetCursorPos
CheckMenuRadioItem
EnableWindow
GetMenuStringW
MapWindowPoints
CloseClipboard
TranslateMessage
DispatchMessageW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
LoadIconW
GetFocus
GetKeyState

gdi32

GetObjectW
DeleteDC
GetPixel
SetPixel
SelectObject
CreateCompatibleDC
SetTextColor
CreateFontIndirectW
GetDeviceCaps
SetBkMode
DeleteObject
SetBkColor
GetStockObject
GetTextExtentPoint32W

comdlg32

GetSaveFileNameW
ChooseFontW
FindTextW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptCreateHash

shell32

Shell_NotifyIconW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
ShellExecuteExW
ShellExecuteW

ole32

OleInitialize
OleUninitialize
DoDragDrop

Sections

.text
Size: 359KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
valid_methods/BrowsingHistoryView.cfg
valid_methods/BrowsingHistoryView.exe
.exe windows:4 windows x64 arch:x64

a51e2ffbd8f2e239bc7421a67ee09cfb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_onexit
__dllonexit
_gmtime64
strcmp
_beginthreadex
_msize
strftime
_endthreadex
realloc
labs
__C_specific_handler
strlen
qsort
_itow
strchr
_wcsnicmp
memmove
_memicmp
modf
memcmp
wcstoul
_XcptFilter
_c_exit
_cexit
_wcslwr
_exit
malloc
free
wcsrchr
wcscmp
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_purecall
wcslen
_ultow
sprintf
abs
_wcsupr
_wtoi
_wcsicmp
wcschr
memcpy
wcscpy
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_commode
_fmode
__set_app_type
wcsncat
_snwprintf
memset
wcscat

comctl32

CreateStatusWindowW
CreateToolbarEx
ImageList_SetImageCount
ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked
ImageList_ReplaceIcon

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

FindCloseUrlCache
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW

kernel32

CreateMutexW
GetSystemInfo
GetProcessHeap
UnlockFileEx
CreateFileA
DeleteFileA
HeapCompact
FlushFileBuffers
FormatMessageA
GetStartupInfoW
GetFullPathNameW
HeapValidate
FlushViewOfFile
GetDiskFreeSpaceA
OutputDebugStringW
HeapReAlloc
AreFileApisANSI
UnlockFile
GetSystemTime
WaitForSingleObjectEx
GetTempPathA
LockFile
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
CloseHandle
CompareFileTime
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
DeleteFileW
CopyFileW
CreateFileW
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetTickCount
SetFilePointerEx
GetLastError
MultiByteToWideChar
SetFilePointer
ReadFile
GetWindowsDirectoryW
WriteFile
GetModuleFileNameW
FileTimeToLocalFileTime
LocalFree
lstrcpyW
FindResourceW
lstrlenW
GlobalAlloc
LockResource
LoadResource
GetSystemDirectoryW
LocalFileTimeToFileTime
WideCharToMultiByte
LoadLibraryExW
GlobalUnlock
GetTempPathW
SizeofResource
GlobalLock
FormatMessageW
GetDateFormatW
GetTempFileNameW
FindNextFileW
GetVersionExW
FindClose
GetTimeFormatW
FindFirstFileW
GetFileAttributesW
DosDateTimeToFileTime
CreateFileMappingW
OpenProcess
DuplicateHandle
GetCurrentProcessId
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
GetCurrentProcess
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetPrivateProfileStringW
GetStdHandle
SetErrorMode
GetCurrentDirectoryW
ExitProcess
ReadProcessMemory
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
EnumResourceTypesW
TryEnterCriticalSection
InitializeCriticalSection
SetEndOfFile
GetFileAttributesExW
HeapSize
HeapAlloc
DeleteCriticalSection
GetCurrentThreadId
LockFileEx
OutputDebugStringA
Sleep
EnterCriticalSection
QueryPerformanceCounter
GetDiskFreeSpaceW
HeapFree
HeapDestroy
GetVersionExA
WaitForSingleObject
LeaveCriticalSection
GetFileAttributesA
CreateFileMappingA
HeapCreate
GetFullPathNameA

user32

GetMonitorInfoW
MonitorFromWindow
ReleaseCapture
SetCapture
EnumChildWindows
PeekMessageW
LoadCursorW
SetCursor
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
GetWindowRect
DeferWindowPos
SetDlgItemInt
GetDlgItemInt
CreateWindowExW
BeginPaint
GetWindow
GetClientRect
EndPaint
SendDlgItemMessageW
DrawFrameControl
EndDialog
GetDlgItem
SetWindowTextW
UpdateWindow
SendMessageW
SetDlgItemTextW
InvalidateRect
GetDlgItemTextW
SetWindowLongPtrW
GetSystemMetrics
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
RegisterClassW
MessageBoxW
PostMessageW
SetMenu
SetWindowPos
TranslateAcceleratorW
ReleaseDC
LoadImageW
LoadIconW
GetDC
GetSysColor
SetWindowLongW
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetParent
KillTimer
SetTimer
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
EnableWindow
MapWindowPoints
GetMenu
GetSubMenu
EnableMenuItem
GetClassNameW
MoveWindow
GetMenuItemCount
GetMenuStringW
CheckMenuItem
CheckMenuRadioItem
ScreenToClient
GetCursorPos
FillRect
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
GetKeyState
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
DispatchMessageW
IsDialogMessageW
TranslateMessage
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
DrawTextExW
GetMessageW

gdi32

GetTextExtentPoint32W
GetStockObject
SetStretchBltMode
StretchBlt
GetDeviceCaps
PatBlt
CreateSolidBrush
GetObjectW
GetPixel
SetPixel
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
SetDIBits
DeleteDC
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectW
SetBkColor

comdlg32

GetOpenFileNameW
GetSaveFileNameW
FindTextW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetFileInfoW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

Sections

.text
Size: 387KB - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
valid_methods/CProcess.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
valid_methods/ChromeCacheView.cfg
valid_methods/ChromeCacheView.exe
.exe windows:4 windows x86 arch:x86

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b0:d2:91:ee:b1:68:96:03:ca:55:c3:1a:e6:5f:9a:90:df:88:ab:21:13:5c:6b:04:59:fd:62:74:f3:d4:4d:65
Signer

Actual PE Digest

b0:d2:91:ee:b1:68:96:03:ca:55:c3:1a:e6:5f:9a:90:df:88:ab:21:13:5c:6b:04:59:fd:62:74:f3:d4:4d:65

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 316KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 235KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
valid_methods/ChromeCookiesView.cfg
valid_methods/ChromeCookiesView.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 256KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 211KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 369KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
valid_methods/DRE-Files.exe
.exe windows:5 windows x64 arch:x64

f4cf09dd5265ea802d83e943c2137765

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
GetStartupInfoW
LoadLibraryExW
CloseHandle
GetCurrentProcess
LoadLibraryA
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
SetEndOfFile
GetProcAddress
GetModuleFileNameW
SetDllDirectoryW
CreateProcessW
GetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
RaiseException
GetCommandLineA
ReadFile
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
SetStdHandle
SetConsoleCtrlHandler
DeleteFileW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
GetFileSizeEx
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
GetFileAttributesExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetProcessHeap
GetTimeZoneInformation
HeapSize
HeapReAlloc
WriteConsoleW

advapi32

ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DRE-Files.pyc
valid_methods/DeathRun_Scan.exe
.exe windows:6 windows x64 arch:x64

0836b5cec702c746a60ff8b9ec2bcb91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Zack\source\repos\ion\x64\Release\ion.pdb

Imports

kernel32

VirtualQueryEx
ReadProcessMemory
CloseHandle
OpenProcess
GetStdHandle
GetCurrentProcess
SetConsoleTextAttribute
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlCaptureContext

advapi32

AdjustTokenPrivileges
CloseServiceHandle
LookupPrivilegeValueA
OpenSCManagerA
OpenProcessToken
QueryServiceStatusEx
OpenServiceA

msvcp140

?ignore@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPEBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memmove
memset
_CxxThrowException
__C_specific_handler
__current_exception_context
__current_exception
__std_terminate
__std_exception_copy
__std_exception_destroy
memcpy
memchr
memcmp

api-ms-win-crt-filesystem-l1-1-0

_stat64i32

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
__p___argv
_initialize_onexit_table
_crt_atexit
_cexit
_c_exit
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
_seh_filter_exe
terminate
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
__p___argc

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
_callnewh
malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
valid_methods/EULAaccepted.dat
valid_methods/EventLogChannelsView.exe
.exe windows:4 windows x86 arch:x86

bddd76316a471ae0bcadf19c48532ae2

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

80:46:c0:fa:52:f9:63:d5:1c:83:5f:48:44:4f:89:d8:9f:11:8e:ee:6f:5e:c7:2e:64:96:c6:14:e8:16:12:d9
Signer

Actual PE Digest

80:46:c0:fa:52:f9:63:d5:1c:83:5f:48:44:4f:89:d8:9f:11:8e:ee:6f:5e:c7:2e:64:96:c6:14:e8:16:12:d9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\EventLogChannelsView\Release\EventLogChannelsView.pdb

Imports

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
__p__commode
_onexit
__dllonexit
strlen
qsort
_purecall
_wcslwr
_itow
_wcsnicmp
free
wcschr
__p__fmode
__set_app_type
_controlfp
_except_handler3
_c_exit
modf
_memicmp
_wtoi
memcmp
wcstoul
wcsrchr
wcsncpy
swscanf
malloc
wcscmp
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
_wcsicmp
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_AddMasked
ImageList_ReplaceIcon
ord17
ImageList_Add
ImageList_Create
ImageList_SetImageCount
CreateToolbarEx
CreateStatusWindowW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

ReadProcessMemory
GetCurrentProcess
OpenProcess
ExpandEnvironmentStringsW
EnumResourceTypesW
GetSystemTimeAsFileTime
GetModuleHandleA
GetStartupInfoW
GetTickCount
GetCurrentProcessId
ExitProcess
CreateProcessW
SetErrorMode
SystemTimeToFileTime
FileTimeToSystemTime
CompareFileTime
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleW
GetLocaleInfoW
GetLastError
GetDateFormatW
GetTempFileNameW
FindNextFileW
SizeofResource
GlobalLock
GetFileSize
FormatMessageW
FindFirstFileW
GetVersionExW
FindClose
GetTimeFormatW
CloseHandle
GetFileAttributesW
GetWindowsDirectoryW
FileTimeToLocalFileTime
WriteFile
ReadFile
FindResourceW
GetModuleFileNameW
GetNumberFormatW
LoadResource
CreateFileW
LockResource
SystemTimeToTzSpecificLocalTime
LocalFree
GlobalAlloc
lstrlenW
LoadLibraryExW
lstrcpyW
GetSystemDirectoryW
GlobalUnlock
WideCharToMultiByte
GetTempPathW
EnumResourceNamesW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetStdHandle
DeleteFileW

user32

SetForegroundWindow
MonitorFromWindow
GetMonitorInfoW
GetDC
ReleaseDC
LoadCursorW
SetCursor
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
GetSystemMetrics
TranslateMessage
GetWindowPlacement
DeferWindowPos
GetDlgItemInt
SetDlgItemInt
GetWindow
CreateWindowExW
BeginPaint
SetWindowPlacement
GetClientRect
EndPaint
DrawFrameControl
SendDlgItemMessageW
EndDialog
SetWindowLongW
SetWindowTextW
GetDlgItem
UpdateWindow
SendMessageW
SetDlgItemTextW
GetDlgItemTextW
InvalidateRect
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPos
LoadAcceleratorsW
DefWindowProcW
RegisterClassW
PostMessageW
LoadIconW
LoadImageW
GetWindowLongW
GetSysColor
SetFocus
EndDeferWindowPos
BeginDeferWindowPos
SetTimer
GetParent
KillTimer
OpenClipboard
CheckMenuItem
GetMenuStringW
GetMenuItemCount
CheckMenuRadioItem
CloseClipboard
SetClipboardData
GetCursorPos
EnableWindow
MapWindowPoints
GetMenu
GetSubMenu
EmptyClipboard
EnableMenuItem
InsertMenuItemW
GetClassNameW
MoveWindow
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
SetMenuItemInfoW
CreatePopupMenu
GetKeyState
InsertMenuW
DrawTextExW
RemoveMenu
DispatchMessageW
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
IsDialogMessageW
GetMessageW
GetWindowRect

gdi32

DeleteObject
GetTextExtentPoint32W
GetStockObject
SetBkColor
CreateCompatibleBitmap
StretchBlt
SetStretchBltMode
GetObjectW
DeleteDC
SetPixel
GetPixel
SelectObject
CreateCompatibleDC
SetTextColor
CreateFontIndirectW
GetDeviceCaps
SetBkMode

comdlg32

ChooseFontW
FindTextW
GetSaveFileNameW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

Shell_NotifyIconW
SHGetFileInfoW
ShellExecuteW

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
valid_methods/Everything.lnk
.lnk
valid_methods/ExecutedProgramsList.cfg
valid_methods/ExecutedProgramsList.exe
.exe windows:4 windows x86 arch:x86

f9f666a7dc93e67d08bf8ce4f69a541d

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

eb:92:d0:76:1a:1f:ce:64:36:38:d9:f0:c3:5a:e9:55:0a:6f:37:92
Signer

Actual PE Digest

eb:92:d0:76:1a:1f:ce:64:36:38:d9:f0:c3:5a:e9:55:0a:6f:37:92

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\ExecutedProgramsList\Release\ExecutedProgramsList.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
__p__commode
__dllonexit
_wcslwr
strlen
qsort
_purecall
_itow
_wcsnicmp
malloc
wcscmp
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_onexit
wcschr
free
modf
_wtoi
_memicmp
memcmp
wcstoul
wcsrchr
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
_wcsicmp
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ord17
ImageList_Add
ImageList_Create
ImageList_SetImageCount
ImageList_AddMasked
CreateToolbarEx
CreateStatusWindowW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

GetStdHandle
GetModuleHandleA
EnumResourceTypesW
GetTickCount
SetErrorMode
DeleteFileW
GetCurrentProcess
ReadProcessMemory
GetCurrentProcessId
ExitProcess
GetLogicalDrives
GetStartupInfoW
OpenProcess
GetVolumeInformationW
QueryDosDeviceW
FileTimeToSystemTime
SystemTimeToFileTime
GetDriveTypeW
CompareFileTime
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
FindClose
GetFileSize
GetVersionExW
FindFirstFileW
GetTimeFormatW
CloseHandle
GetFileAttributesW
GetWindowsDirectoryW
FileTimeToLocalFileTime
ReadFile
WriteFile
GetModuleFileNameW
GetNumberFormatW
CreateFileW
LockResource
LocalFree
FindResourceW
LoadResource
lstrlenW
lstrcpyW
SystemTimeToTzSpecificLocalTime
GlobalAlloc
GlobalUnlock
LoadLibraryExW
WideCharToMultiByte
GetTempPathW
GetLastError
GetLocaleInfoW
FindNextFileW
SizeofResource
GlobalLock
GetDateFormatW
GetTempFileNameW
FormatMessageW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetPrivateProfileStringW
GetLongPathNameW

user32

GetMenuItemInfoW
GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
BeginDeferWindowPos
GetKeyState
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
GetClientRect
CreateWindowExW
SendDlgItemMessageW
EndDialog
SetWindowLongW
GetDlgItem
GetWindowRect
GetDlgItemInt
SetWindowTextW
InvalidateRect
UpdateWindow
SendMessageW
SetWindowPlacement
SetDlgItemTextW
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
DeferWindowPos
SetMenu
LoadAcceleratorsW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
LoadImageW
GetSysColor
GetWindowLongW
SetFocus
CheckMenuItem
GetMenuItemCount
CloseClipboard
GetCursorPos
GetParent
SetClipboardData
EnableWindow
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
GetMenuStringW
ModifyMenuW
SetCursor
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
SetWindowPos
GetDesktopWindow
GetWindowTextW
LoadMenuW
LoadIconW
DestroyIcon
IsDialogMessageW
TranslateMessage
DispatchMessageW
DrawTextExW
EndDeferWindowPos

gdi32

GetTextExtentPoint32W
SetBkColor
GetStockObject
GetDeviceCaps
GetPixel
DeleteDC
SetPixel
SelectObject
CreateCompatibleDC
GetObjectW
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject

comdlg32

GetSaveFileNameW
FindTextW

advapi32

RegEnumValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW
SHGetFileInfoW
ShellExecuteExW

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
valid_methods/FolderTimeUpdate.cfg
valid_methods/FolderTimeUpdate.exe
.exe windows:4 windows x86 arch:x86

b1477c0d197792288273940f0eb23d0e

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1c:dd:3c:40:c4:61:24:f0:b1:f6:71:5c:e3:ea:0f:90:29:86:86:79:5d:e2:1b:ee:14:9f:6f:8b:50:72:50:fd
Signer

Actual PE Digest

1c:dd:3c:40:c4:61:24:f0:b1:f6:71:5c:e3:ea:0f:90:29:86:86:79:5d:e2:1b:ee:14:9f:6f:8b:50:72:50:fd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\FolderTimeUpdate\Release\FolderTimeUpdate.pdb

Imports

msvcrt

_except_handler3
_controlfp
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_c_exit
_onexit
__dllonexit
strlen
qsort
_wcslwr
_wcsnicmp
malloc
_wcsicmp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_exit
_ultow
wcschr
towupper
wcscmp
free
modf
_memicmp
wcstoul
wcsrchr
_itow
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
_wtoi
memcmp
_purecall
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_Create
CreateStatusWindowW
CreateToolbarEx
ImageList_ReplaceIcon
ord17
ImageList_Add
ImageList_SetImageCount
ImageList_AddMasked

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

EnumResourceNamesW
GetPrivateProfileStringW
GetTickCount
GetPrivateProfileIntW
GetStartupInfoW
GetModuleHandleA
EnumResourceTypesW
GetStdHandle
DeleteFileW
GetCurrentDirectoryW
ExpandEnvironmentStringsW
SetErrorMode
GetCurrentProcess
ReadProcessMemory
GetCurrentProcessId
OpenProcess
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
GetDriveTypeW
CloseHandle
CreateThread
WaitForSingleObject
GetSystemTimeAsFileTime
SetFileTime
CreateFileW
GetLastError
FindClose
GetVersionExW
GetFileSize
FindFirstFileW
GetWindowsDirectoryW
GetTimeFormatW
FileTimeToLocalFileTime
GetFileAttributesW
WriteFile
ReadFile
GetNumberFormatW
GetModuleFileNameW
LockResource
LocalFree
TzSpecificLocalTimeToSystemTime
FindResourceW
lstrcpyW
lstrlenW
LoadResource
GlobalAlloc
LocalFileTimeToFileTime
SystemTimeToTzSpecificLocalTime
GlobalUnlock
LoadLibraryExW
WideCharToMultiByte
GetTempPathW
GetLocaleInfoW
FindNextFileW
SizeofResource
GlobalLock
GetDateFormatW
GetTempFileNameW
FormatMessageW
WritePrivateProfileStringW
ExitProcess

user32

GetWindowTextW
GetMessageW
PostQuitMessage
TrackPopupMenu
SetCursor
LoadCursorW
GetSysColorBrush
RegisterWindowMessageW
ChildWindowFromPoint
DeferWindowPos
GetClientRect
CreateWindowExW
SendDlgItemMessageW
EndDialog
GetWindow
SetWindowLongW
GetDlgItem
GetWindowRect
GetDlgItemInt
SetWindowTextW
InvalidateRect
UpdateWindow
SendMessageW
SetDlgItemTextW
GetDlgItemTextW
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
SetMenu
SetWindowPos
LoadAcceleratorsW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
LoadIconW
LoadImageW
GetSysColor
GetWindowLongW
SetFocus
GetParent
EndDeferWindowPos
BeginDeferWindowPos
SendMessageTimeoutW
GetMenuItemCount
CheckMenuItem
CloseClipboard
GetCursorPos
SetClipboardData
EnableWindow
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
GetMenuStringW
ShowWindow
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
GetDesktopWindow
IsDialogMessageW
TranslateMessage
DispatchMessageW
DrawTextExW

gdi32

SetBkMode
CreateFontIndirectW
DeleteObject
GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
GetPixel
DeleteDC
SetPixel
SelectObject
CreateCompatibleDC
GetObjectW
SetTextColor

comdlg32

GetSaveFileNameW
FindTextW

advapi32

RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW

shell32

ShellExecuteW
ShellExecuteExW
SHGetFileInfoW
DragFinish
DragAcceptFiles
DragQueryFileW
SHBrowseForFolderW
SHGetMalloc
SHGetPathFromIDListW

ole32

OleInitialize
OleUninitialize

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
valid_methods/ImageCacheViewer.exe
.exe windows:4 windows x86 arch:x86

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c7:ff:93:77:d6:c1:cf:12:09:bd:b2:cd:51:08:89:46:b0:76:a2:48:14:cc:1c:10:53:0a:84:6b:3a:50:44:a4
Signer

Actual PE Digest

c7:ff:93:77:d6:c1:cf:12:09:bd:b2:cd:51:08:89:46:b0:76:a2:48:14:cc:1c:10:53:0a:84:6b:3a:50:44:a4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 61KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
valid_methods/JournalTrace.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Computador\Downloads\JournalTrace\JournalTrace\obj\Debug\JournalTrace.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
valid_methods/LastActivityView.exe
.exe windows:4 windows x86 arch:x86

28d54068583ea348b007c0eb72f71f9c

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:ed:51:36:7d:e2:1c:df:1f:c6:58:22:a8:7d:53:17:ef:07:89:ba
Signer

Actual PE Digest

04:ed:51:36:7d:e2:1c:df:1f:c6:58:22:a8:7d:53:17:ef:07:89:ba

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\LastActivityView\Release\LastActivityView.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__p__fmode
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
calloc
__set_app_type
_controlfp
_except_handler3
_wcmdln
realloc
_msize
_wcslwr
strlen
_purecall
_itow
_wcsnicmp
qsort
free
modf
_memicmp
_wtoi
memcmp
wcstoul
wcsrchr
swscanf
malloc
_ultow
wcscmp
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
wcscpy
memset
_wcsicmp
wcschr
_snwprintf
wcscat
wcsncat

comctl32

CreateStatusWindowW
CreateToolbarEx
ImageList_SetImageCount
ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetCurrentProcessId
ExitProcess
GetLogicalDrives
GetLongPathNameW
QueryDosDeviceW
GetVolumeInformationW
OpenProcess
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
FreeLibrary
ReadProcessMemory
DeleteFileW
SetErrorMode
CloseHandle
GetFileSize
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetDriveTypeW
CompareFileTime
GetModuleHandleW
LoadLibraryW
GetProcAddress
GetTickCount
GetWindowsDirectoryW
ExpandEnvironmentStringsW
GetLastError
GetCurrentProcess
GetDateFormatW
FindNextFileW
SizeofResource
GetTempFileNameW
GlobalLock
FormatMessageW
FindFirstFileW
GetVersionExW
FindClose
GetTimeFormatW
GetFileAttributesW
FileTimeToLocalFileTime
ReadFile
FindResourceW
WriteFile
GetModuleFileNameW
LocalFree
LoadResource
CreateFileW
TzSpecificLocalTimeToSystemTime
LockResource
SystemTimeToTzSpecificLocalTime
lstrcpyW
MultiByteToWideChar
lstrlenW
LocalFileTimeToFileTime
LoadLibraryExW
GlobalAlloc
GetSystemDirectoryW
GlobalUnlock
WideCharToMultiByte
GetTempPathW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetStdHandle

user32

ChildWindowFromPoint
LoadCursorW
SetCursor
GetSysColorBrush
ShowWindow
GetDlgItemInt
SetDlgItemInt
DeferWindowPos
CreateWindowExW
BeginPaint
EndPaint
GetWindow
GetClientRect
SendDlgItemMessageW
DrawFrameControl
EndDialog
SetWindowLongW
GetDlgItem
SetWindowTextW
UpdateWindow
SendMessageW
SetDlgItemTextW
InvalidateRect
GetDlgItemTextW
GetWindowRect
GetSystemMetrics
RegisterClassW
PostMessageW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
LoadImageW
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
KillTimer
SetTimer
GetParent
MoveWindow
OpenClipboard
CheckMenuItem
GetMenuStringW
GetMenuItemCount
CloseClipboard
CheckMenuRadioItem
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
DestroyWindow
LoadStringW
GetDesktopWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DestroyIcon
LoadIconW
DrawTextExW
GetKeyState
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
DispatchMessageW
IsDialogMessageW
TranslateMessage
CreatePopupMenu
CallWindowProcW

gdi32

CreateFontIndirectW
SetTextColor
DeleteObject
DeleteDC
GetObjectW
SetBkMode
GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
GetPixel
SetPixel
SelectObject
CreateCompatibleDC

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegEnumValueW
RegConnectRegistryW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegQueryInfoKeyW
OpenServiceW
OpenSCManagerW
ControlService
StartServiceW
QueryServiceStatus
CloseServiceHandle
RegCloseKey

shell32

SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
SHBindToParent
SHGetDesktopFolder
SHGetMalloc

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantTimeToSystemTime
SysFreeString
SysAllocString

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
valid_methods/LiveTcpUdpWatch.exe
.exe windows:4 windows x86 arch:x86

44918eb6dd0d17ab225fd080cfb10807

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:12:45:d7:aa:a2:4e:9b:96:cf:84:b4:27:c8:14:fe:6e:73:24:8d:0e:09:60:a1:fc:cb:bc:ea:6a:0a:96:f3
Signer

Actual PE Digest

65:12:45:d7:aa:a2:4e:9b:96:cf:84:b4:27:c8:14:fe:6e:73:24:8d:0e:09:60:a1:fc:cb:bc:ea:6a:0a:96:f3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\LiveTcpUdpWatch\Release\LiveTcpUdpWatch.pdb

Imports

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
_wcslwr
strlen
qsort
_itow
strcmp
_strcmpi
strchr
_atoi64
exit
__p__commode
free
modf
wcstoul
malloc
wcscmp
??2@YAPAXI@Z
??3@YAXPAX@Z
wcslen
wcsrchr
_memicmp
__p__fmode
__set_app_type
_controlfp
_except_handler3
strcpy
_wtoi
memcmp
_ultow
_wcsicmp
wcschr
memcpy
_purecall
wcscpy
memset
wcsncat
wcscat
_cexit
_XcptFilter
_snwprintf
_exit
_c_exit
_onexit
__dllonexit
_wcsnicmp

comctl32

ImageList_Create
ord17
ImageList_Add
ImageList_SetImageCount
ImageList_AddMasked
CreateToolbarEx
CreateStatusWindowW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

WSAGetLastError
htons
WSAAsyncSelect
WSASetLastError
gethostbyaddr
connect
WSAStartup
WSACleanup
getservbyport
closesocket

kernel32

OpenProcess
CreateThread
ResumeThread
ReadProcessMemory
ExitProcess
Sleep
ExpandEnvironmentStringsW
GetCurrentProcessId
DeleteFileW
GetCurrentDirectoryW
CreateProcessW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
SetErrorMode
GetStdHandle
GetPrivateProfileStringW
EnumResourceNamesW
GetPrivateProfileIntW
WritePrivateProfileStringW
DosDateTimeToFileTime
FileTimeToDosDateTime
GetTempPathW
WideCharToMultiByte
GlobalUnlock
lstrcpyW
GetSystemDirectoryW
LoadLibraryExW
GlobalAlloc
lstrlenW
LocalFree
SystemTimeToTzSpecificLocalTime
CreateFileW
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
GetSystemTimeAsFileTime
GetFileSize
MultiByteToWideChar
CloseHandle
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetProcAddress
GetCurrentProcess
GetLastError
GetLocaleInfoW
GetDateFormatW
GlobalLock
GetTempFileNameW
SizeofResource
FindNextFileW
FormatMessageW
FindClose
FindFirstFileW
GetVersionExW
GetTickCount
GetTimeFormatW
GetFileAttributesW
GetWindowsDirectoryW
FileTimeToLocalFileTime
WriteFile
ReadFile
FindResourceW
GetModuleFileNameW
GetNumberFormatW
LockResource
LoadResource

user32

SetForegroundWindow
GetMonitorInfoW
MonitorFromWindow
PeekMessageW
DispatchMessageW
KillTimer
FindWindowW
RemoveMenu
DrawTextExW
InsertMenuW
SetTimer
TranslateMessage
GetMessageW
IsDialogMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
LoadIconW
CreatePopupMenu
GetKeyState
SetMenuItemInfoW
LoadMenuW
GetWindowTextW
GetDesktopWindow
DestroyWindow
LoadStringW
EnumChildWindows
CreateDialogParamW
DialogBoxParamW
DestroyMenu
SetCursor
ReleaseDC
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
GetDC
GetWindowRect
DrawFrameControl
GetDlgItemInt
SetWindowTextW
InvalidateRect
UpdateWindow
SendMessageW
SetWindowPlacement
SetDlgItemTextW
GetDlgItemTextW
EndPaint
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
BeginPaint
DeferWindowPos
GetClientRect
CreateWindowExW
SendDlgItemMessageW
GetWindow
EndDialog
SetWindowLongW
GetDlgItem
DefWindowProcW
PostMessageW
RegisterClassW
TranslateAcceleratorW
MessageBoxW
SetMenu
SetWindowPos
GetForegroundWindow
LoadAcceleratorsW
LoadImageW
DestroyIcon
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetClassNameW
OpenClipboard
MoveWindow
CheckMenuItem
GetMenuStringW
GetMenuItemCount
CheckMenuRadioItem
CloseClipboard
SetClipboardData
GetCursorPos
EnableWindow
GetParent
MapWindowPoints
GetMenu
GetSubMenu
EmptyClipboard
EnableMenuItem
InsertMenuItemW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID

gdi32

CreateCompatibleBitmap
SetBkColor
SetStretchBltMode
DeleteDC
SetPixel
SelectObject
CreateCompatibleDC
GetObjectW
GetPixel
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectW
GetDeviceCaps
GetTextExtentPoint32W
GetStockObject
StretchBlt

comdlg32

FindTextW
GetSaveFileNameW
ChooseFontW

shell32

Shell_NotifyIconW
SHGetFileInfoW
ShellExecuteW

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
valid_methods/MRCv120.exe
.exe windows:4 windows x86 arch:x86

2d1e1973ab62e7f5a515d097b09b4a30

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:31:3c:71:5c:6e:70:3d:29:33:61:c4
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

09/07/2018, 19:12

Not After

09/10/2021, 19:12

Subject

CN=Magnet Forensics Inc.,O=Magnet Forensics Inc.,L=Waterloo,ST=Ontario,C=CA,1.2.840.113549.1.9.1=#0c176a6164406d61676e6574666f72656e736963732e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a5:37:c7:5f:c8:09:99:8d:2f:3d:cf:58:75:f9:7c:ab:cb:dd:66:9f
Signer

Actual PE Digest

a5:37:c7:5f:c8:09:99:8d:2f:3d:cf:58:75:f9:7c:ab:cb:dd:66:9f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaVarTstGt
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaCyMul
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLineInputStr
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFpCDblR8
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
ord518
ord626
__vbaForEachCollAd
__vbaStrCat
__vbaVarCmpNe
__vbaLsetFixstr
ord660
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
ord666
__vbaAryDestruct
__vbaLateMemSt
__vbaExitProc
__vbaOnError
__vbaCyAdd
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaBoolVar
__vbaFpR8
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
ord709
__vbaErase
__vbaVarZero
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
ord528
__vbaCyI2
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaCyI4
__vbaObjVar
__vbaPrintObj
DllFunctionCall
ord670
__vbaVarOr
__vbaCySub
_adj_fpatan
__vbaFixstrConstruct
__vbaR8Cy
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
ord601
_CIsqrt
EVENT_SINK_QueryInterface
ord710
__vbaFpCmpCy
__vbaExceptHandler
__vbaStrToUnicode
__vbaPrintFile
ord606
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
ord608
ord716
__vbaFPException
ord717
__vbaInStrVar
__vbaUbound
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaInStr
__vbaNew2
__vbaCyMulI2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord573
ord681
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaFpCy
__vbaLateMemCall
__vbaAryLock
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaFpI4
ord616
__vbaVarLateMemCallLd
__vbaLateMemCallLd
__vbaRecDestructAnsi
ord617
_CIatan
ord618
__vbaCastObj
__vbaStrMove
__vbaI4Cy
ord619
ord650
_allmul
_CItan
__vbaNextEachCollAd
ord546
__vbaAryUnlock
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
valid_methods/MUICacheView.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
valid_methods/MZCacheView.exe
.exe windows:4 windows x86 arch:x86

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:4c:8b:61:2a:53:65:71:4c:94:5f:22:40:7f:5c:77:4a:b7:8d:e9:33:bf:b0:7f:29:3a:16:9b:af:ce:6d:be
Signer

Actual PE Digest

6d:4c:8b:61:2a:53:65:71:4c:94:5f:22:40:7f:5c:77:4a:b7:8d:e9:33:bf:b0:7f:29:3a:16:9b:af:ce:6d:be

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 312KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 237KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 324KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
valid_methods/MyLastSearch.exe
.exe windows:4 windows x86 arch:x86

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1e:5f:47:09:91:d8:b3:2e:94:ae:a8:40:23:4b:60:df:c8:9f:fc:e6:3c:55:8e:ef:07:c3:a6:f2:3e:5a:55:2e
Signer

Actual PE Digest

1e:5f:47:09:91:d8:b3:2e:94:ae:a8:40:23:4b:60:df:c8:9f:fc:e6:3c:55:8e:ef:07:c3:a6:f2:3e:5a:55:2e

Digest Algorithm

sha256

PE Digest Matches

true

f3:c0:79:d6:9d:4b:2f:9d:11:80:03:1b:48:e9:4c:a9:f1:29:ff:a5
Signer

Actual PE Digest

f3:c0:79:d6:9d:4b:2f:9d:11:80:03:1b:48:e9:4c:a9:f1:29:ff:a5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
valid_methods/NetworkUsageView.exe
.exe windows:4 windows x86 arch:x86

59c51276385d391016e5f251f602324b

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:7b:dc:e4:77:40:e3:5f:ae:19:2d:c9:ca:b7:b6:8c:5e:42:8d:60:c0:34:26:4e:d9:7e:a6:93:dd:99:2a:27
Signer

Actual PE Digest

39:7b:dc:e4:77:40:e3:5f:ae:19:2d:c9:ca:b7:b6:8c:5e:42:8d:60:c0:34:26:4e:d9:7e:a6:93:dd:99:2a:27

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\NetworkUsageView\Release\NetworkUsageView.pdb

Imports

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
__p__commode
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
_wcslwr
__p__fmode
__set_app_type
_controlfp
_except_handler3
exit
strlen
qsort
_itow
_wcsnicmp
wcsncpy
malloc
wcscmp
free
_memicmp
modf
wcschr
memcmp
wcstoul
wcsrchr
_wcsicmp
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
_wtoi
_purecall
_ultow
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ord17
ImageList_Add
ImageList_SetImageCount
ImageList_AddMasked
CreateToolbarEx
CreateStatusWindowW
ImageList_Create

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
CompareFileTime
FileTimeToLocalFileTime
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
SetFilePointerEx
GetLastError
CloseHandle
FindResourceW
WriteFile
ReadFile
LoadResource
GetModuleFileNameW
GetNumberFormatW
TzSpecificLocalTimeToSystemTime
CreateFileW
LockResource
LocalFree
LoadLibraryExW
MultiByteToWideChar
GlobalAlloc
lstrcpyW
lstrlenW
GetSystemDirectoryW
LocalFileTimeToFileTime
GlobalUnlock
WideCharToMultiByte
GetTempPathW
GetDateFormatW
GetCurrentProcess
GetTempFileNameW
GetLocaleInfoW
GetFileSize
SizeofResource
GlobalLock
FormatMessageW
GetVersionExW
GetDriveTypeW
GetTimeFormatW
GetFileAttributesW
GetWindowsDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetPrivateProfileStringW
EnumResourceNamesW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetStdHandle
SetErrorMode
DeleteFileW
ExitProcess
GetCurrentProcessId
ReadProcessMemory
QueryDosDeviceW
GetLogicalDrives
GetSystemTimeAsFileTime
OpenProcess
DuplicateHandle

user32

ChildWindowFromPoint
GetDC
ReleaseDC
LoadCursorW
SetCursor
GetSysColorBrush
ShowWindow
GetDlgItemTextW
InvalidateRect
GetSystemMetrics
GetWindowRect
GetWindowPlacement
DeferWindowPos
GetDlgItemInt
SetDlgItemInt
GetWindow
CreateWindowExW
BeginPaint
GetClientRect
EndPaint
SetWindowPos
DrawFrameControl
SendDlgItemMessageW
EndDialog
SetWindowTextW
SetWindowLongW
GetDlgItem
UpdateWindow
SendMessageW
SetDlgItemTextW
RegisterClassW
MessageBoxW
PostMessageW
TranslateAcceleratorW
SetMenu
GetForegroundWindow
LoadAcceleratorsW
DefWindowProcW
LoadImageW
GetSysColor
GetWindowLongW
BeginDeferWindowPos
EndDeferWindowPos
SetFocus
GetParent
KillTimer
SetTimer
GetMenu
GetSubMenu
EmptyClipboard
MoveWindow
EnableMenuItem
InsertMenuItemW
GetClassNameW
OpenClipboard
CheckMenuItem
GetMenuStringW
GetMenuItemCount
SetClipboardData
CheckMenuRadioItem
CloseClipboard
EnableWindow
MapWindowPoints
GetCursorPos
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
LoadIconW
SetMenuItemInfoW
DestroyIcon
CreatePopupMenu
GetKeyState
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
IsDialogMessageW
TranslateMessage
InsertMenuW
DrawTextExW
RemoveMenu
DispatchMessageW
MonitorFromWindow
GetMonitorInfoW

gdi32

SetBkMode
DeleteObject
GetDeviceCaps
GetStockObject
SetBkColor
StretchBlt
SetStretchBltMode
CreateCompatibleBitmap
SetPixel
GetPixel
SelectObject
CreateCompatibleDC
GetObjectW
DeleteDC
SetTextColor
CreateFontIndirectW
GetTextExtentPoint32W

comdlg32

ChooseFontW
FindTextW
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCloseKey
CloseServiceHandle
OpenSCManagerW
ControlService
ConvertSidToStringSidW
OpenServiceW
LookupAccountSidW
StartServiceW
QueryServiceStatus
RegConnectRegistryW
ChangeServiceConfigW
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
GetTokenInformation
OpenProcessToken

shell32

ShellExecuteExW
SHGetFileInfoW
ShellExecuteW

oleaut32

VariantTimeToSystemTime

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
valid_methods/PE Viewer.lnk
.lnk
valid_methods/PreviousFilesRecovery.exe
.exe windows:4 windows x64 arch:x64

bfaa2c45f3b51a2466bfc8a0101e02ae

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:c4:70:0e:4a:23:50:f0:45:25:dc:87:d9:36:23:a3:a6:3d:36:18:48:22:cb:c5:1c:95:ea:28:1b:bf:91:8c
Signer

Actual PE Digest

1e:c4:70:0e:4a:23:50:f0:45:25:dc:87:d9:36:23:a3:a6:3d:36:18:48:22:cb:c5:1c:95:ea:28:1b:bf:91:8c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\PreviousFilesRecovery\x64\Release\PreviousFilesRecovery.pdb

Imports

msvcrt

__set_app_type
_fmode
_commode
__setusermatherr
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
_initterm
_wcslwr
strlen
qsort
_purecall
_wcsnicmp
memmove
modf
_wtoi
wcschr
memcmp
wcstoul
wcsrchr
__wgetmainargs
_wcmdln
exit
_cexit
towupper
wcscmp
malloc
_memicmp
free
_itow
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
wcslen
memcpy
_wcsicmp
wcscpy
memset
wcsncat
_snwprintf
wcscat

comctl32

ImageList_Create
ord17
ImageList_Add
ImageList_SetImageCount
ImageList_AddMasked
CreateToolbarEx
CreateStatusWindowW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

EnumResourceNamesW
GetStartupInfoW
GetVolumePathNamesForVolumeNameW
EnumResourceTypesW
OpenProcess
WritePrivateProfileStringW
GetPrivateProfileIntW
GetStdHandle
SetErrorMode
GetCurrentDirectoryW
DeleteFileW
ExpandEnvironmentStringsW
ReadProcessMemory
GetCurrentProcess
GetCurrentProcessId
SystemTimeToFileTime
FileTimeToSystemTime
CompareFileTime
GetTickCount
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
SetFileTime
WriteFile
GetFileAttributesW
GetFileTime
ReadFile
CreateFileW
CloseHandle
GetFileSizeEx
GetLastError
SetFileAttributesW
CreateThread
WideCharToMultiByte
LockResource
lstrcpyW
GetDateFormatW
GlobalUnlock
GetTempFileNameW
GetTempPathW
GetLocaleInfoW
CreateDirectoryW
GetFileSize
GlobalLock
SizeofResource
FormatMessageW
FindFirstFileW
GetVersionExW
FindNextFileW
FindClose
GetTimeFormatW
FindResourceW
GetModuleFileNameW
LoadResource
GetWindowsDirectoryW
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
GlobalAlloc
LoadLibraryExW
lstrlenW
GetNumberFormatW
LocalFree
GetPrivateProfileStringW
ExitProcess

user32

DrawTextExW
TranslateMessage
GetMessageW
IsDialogMessageW
PostQuitMessage
TrackPopupMenu
SetCursor
RegisterWindowMessageW
ShowWindow
LoadCursorW
ChildWindowFromPoint
BeginPaint
GetClientRect
SendDlgItemMessageW
DrawFrameControl
EndPaint
EndDialog
SetWindowTextW
GetDlgItem
UpdateWindow
SendMessageW
SetDlgItemTextW
GetDlgItemTextW
InvalidateRect
SetWindowLongPtrW
GetSystemMetrics
GetWindowPlacement
DeferWindowPos
GetWindowRect
SetDlgItemInt
CreateWindowExW
GetDlgItemInt
GetWindow
PostMessageW
SetMenu
SetWindowPos
TranslateAcceleratorW
LoadAcceleratorsW
DefWindowProcW
RegisterClassW
MessageBoxW
LoadImageW
GetSysColor
SetWindowLongW
GetWindowLongW
SetFocus
EndDeferWindowPos
BeginDeferWindowPos
GetParent
MoveWindow
GetDC
EnableMenuItem
ReleaseDC
GetSubMenu
GetClassNameW
OpenClipboard
CheckMenuItem
GetMenuItemCount
GetMenuStringW
SetClipboardData
GetCursorPos
EnableWindow
MapWindowPoints
CloseClipboard
GetMenu
GetSysColorBrush
EmptyClipboard
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DestroyIcon
LoadIconW
GetKeyState
DispatchMessageW

gdi32

GetTextExtentPoint32W
GetStockObject
SetBkColor
GetDeviceCaps
GetObjectW
DeleteDC
SetPixel
GetPixel
SelectObject
CreateCompatibleDC
CreateFontIndirectW
SetBkMode
DeleteObject
SetTextColor

comdlg32

FindTextW
GetSaveFileNameW

shell32

ShellExecuteW
SHGetFileInfoW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
valid_methods/RecentFilesView.cfg
valid_methods/RecentFilesView.exe
.exe windows:4 windows x86 arch:x86

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

18:30:04:81:57:f7:64:ab:79:f0:db:42:ad:23:c7:4b:fb:ec:e8:e2:f1:d4:07:77:ad:ce:ab:fd:52:a5:53:73
Signer

Actual PE Digest

18:30:04:81:57:f7:64:ab:79:f0:db:42:ad:23:c7:4b:fb:ec:e8:e2:f1:d4:07:77:ad:ce:ab:fd:52:a5:53:73

Digest Algorithm

sha256

PE Digest Matches

true

8a:ba:65:93:92:48:ce:e9:49:47:12:09:31:f9:0c:8d:8b:1f:27:f9
Signer

Actual PE Digest

8a:ba:65:93:92:48:ce:e9:49:47:12:09:31:f9:0c:8d:8b:1f:27:f9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
valid_methods/RegScanner.exe
.exe windows:4 windows x86 arch:x86

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:cb:b4:d7:bb:7c:7b:12:73:e3:d3:f7:ae:f5:2a:bb:be:d7:69:75:46:fb:bd:d0:e7:d8:8f:4a:97:a6:f0:e1
Signer

Actual PE Digest

0b:cb:b4:d7:bb:7c:7b:12:73:e3:d3:f7:ae:f5:2a:bb:be:d7:69:75:46:fb:bd:d0:e7:d8:8f:4a:97:a6:f0:e1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
valid_methods/Screenshare.Tool.x64.rar
.rar
valid_methods/ShellBagsView.cfg
valid_methods/ShellBagsView.exe
.exe windows:4 windows x86 arch:x86

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fc:b0:11:8c:23:7a:7d:a5:fd:ac:a0:28:ad:6a:c9:b8:ba:56:98:4a:f2:d2:35:45:90:fe:da:4d:90:40:e5:af
Signer

Actual PE Digest

fc:b0:11:8c:23:7a:7d:a5:fd:ac:a0:28:ad:6a:c9:b8:ba:56:98:4a:f2:d2:35:45:90:fe:da:4d:90:40:e5:af

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
valid_methods/USBDeview.cfg
valid_methods/USBDeview.exe
.exe windows:4 windows x86 arch:x86

873299b7b29e6fadb2fb6a515be27b27

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:32:07:2d:75:02:c6:1c:a7:8b:80:a6:65:08:5a:44:26:47:80:19:38:ca:43:0c:81:b6:17:8d:b1:b0:41:4f
Signer

Actual PE Digest

5b:32:07:2d:75:02:c6:1c:a7:8b:80:a6:65:08:5a:44:26:47:80:19:38:ca:43:0c:81:b6:17:8d:b1:b0:41:4f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Projects\VS2005\USBDeview\Release\USBDeview.pdb

Imports

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
_onexit
__dllonexit
atol
_mbsrchr
_mbsicmp
qsort
_strlwr
_mbschr
memmove
_strnicmp
modf
strchr
memcmp
_memicmp
strrchr
strcmp
malloc
_strcmpi
free
strtoul
srand
rand
abs
_strupr
_itoa
??3@YAXPAX@Z
??2@YAPAXI@Z
strlen
memcpy
_purecall
_stricmp
_snprintf
atoi
strcpy
memset
strncat
sprintf
strcat

comctl32

CreateToolbarEx
ord6
ImageList_Create
ImageList_SetImageCount
ImageList_AddMasked
ImageList_Add

ws2_32

send
WSAAsyncSelect
WSAAsyncGetHostByName
connect
inet_addr
htonl
WSAGetLastError
htons
bind
socket
WSASetLastError
closesocket
WSAStartup
WSACleanup

kernel32

Process32Next
OpenProcess
SetEnvironmentVariableA
GetCurrentThreadId
DeviceIoControl
GetStartupInfoA
FreeLibrary
Process32First
CreateToolhelp32Snapshot
ReadProcessMemory
ExitProcess
GetCurrentProcessId
Sleep
SetErrorMode
ExpandEnvironmentStringsA
CreateProcessA
GetStdHandle
GetProcAddress
GetPrivateProfileStringA
WinExec
GetModuleFileNameA
GetComputerNameA
GetLastError
CompareFileTime
FileTimeToSystemTime
LoadLibraryA
GetModuleHandleA
SystemTimeToFileTime
GetLogicalDrives
GetWindowsDirectoryA
GetDriveTypeA
GetDiskFreeSpaceExA
DeleteFileA
CreateThread
CreateFileA
GetTickCount
WriteFile
ReadFile
FlushFileBuffers
CloseHandle
GetCurrentProcess
GetFileSize
GetTempFileNameA
GetSystemDirectoryA
GlobalAlloc
GlobalLock
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetTimeFormatA
GlobalUnlock
FileTimeToLocalFileTime
GetTempPathA
LocalFree
GetFileAttributesA
SystemTimeToTzSpecificLocalTime
FormatMessageA
LoadLibraryExA
GetDateFormatA
EnumResourceNamesA
GetPrivateProfileIntA
WritePrivateProfileStringA

user32

GetWindowThreadProcessId
SetForegroundWindow
AttachThreadInput
EnumWindows
RemoveMenu
SetTimer
GetSysColorBrush
ShowWindow
LoadCursorA
DispatchMessageA
GetDC
ReleaseDC
SetCursor
GetWindow
GetClientRect
SetDlgItemTextA
DrawFrameControl
GetDlgItemTextA
SetWindowTextA
GetSystemMetrics
SendDlgItemMessageA
GetWindowRect
GetDlgItemInt
DeferWindowPos
EndPaint
EndDialog
GetDlgItem
CreateWindowExA
InvalidateRect
SetDlgItemInt
BeginPaint
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
RegisterClassA
UpdateWindow
LoadImageA
GetSysColor
GetWindowLongA
SetWindowLongA
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetWindowTextA
MoveWindow
InsertMenuItemA
CheckMenuItem
OpenClipboard
GetMenu
EmptyClipboard
EnableMenuItem
GetParent
GetClassNameA
CloseClipboard
GetMenuItemCount
SetClipboardData
EnableWindow
MapWindowPoints
GetSubMenu
GetMenuStringA
GetCursorPos
CheckMenuRadioItem
ModifyMenuA
CreateDialogParamA
DialogBoxParamA
GetDlgCtrlID
DestroyMenu
DestroyWindow
EnumChildWindows
GetMenuItemInfoA
LoadMenuA
LoadStringA
CreatePopupMenu
LoadIconA
SetMenuItemInfoA
GetKeyState
GetMessageA
TranslateMessage
KillTimer
IsDialogMessageA
DrawTextExA
InsertMenuA
TrackPopupMenu
RegisterWindowMessageA
PostQuitMessage
ChildWindowFromPoint

gdi32

GetTextExtentPoint32A
SetBkMode
SetStretchBltMode
StretchBlt
SetBkColor
GetStockObject
GetPixel
GetObjectA
DeleteDC
CreateFontIndirectA
GetDeviceCaps
DeleteObject
SetTextColor
CreateCompatibleDC
SelectObject
SetPixel
CreateCompatibleBitmap

comdlg32

ChooseFontA
FindTextA
GetSaveFileNameA

advapi32

CloseServiceHandle
StartServiceA
OpenServiceA
ChangeServiceConfigA
OpenSCManagerA
ControlService
RegCloseKey
QueryServiceStatus
RegCreateKeyA
RegLoadKeyA
RegUnLoadKeyA
RegConnectRegistryA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam

shell32

SHGetFileInfoA
ShellExecuteExA
ShellExecuteA
Shell_NotifyIconA

ole32

CoCreateInstance

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
valid_methods/USBDriveLog.cfg
valid_methods/USBDriveLog.exe
.exe windows:4 windows x86 arch:x86

5aabfcda78f8156f8e2427196f570d9d

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b2:54:40:27:46:19:3f:49:7c:38:25:a5:e3:1f:ac:49:db:08:ef:51:33:a5:23:9e:2e:f6:80:1c:15:34:3f:b4
Signer

Actual PE Digest

b2:54:40:27:46:19:3f:49:7c:38:25:a5:e3:1f:ac:49:db:08:ef:51:33:a5:23:9e:2e:f6:80:1c:15:34:3f:b4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\USBDriveLog\Release\USBDriveLog.pdb

Imports

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__p__commode
qsort
_itow
memmove
wcstoul
towupper
wcscmp
wcsncmp
_wcslwr
strlen
malloc
swscanf
_wcsnicmp
__p__fmode
__set_app_type
_controlfp
_except_handler3
__dllonexit
_wcsicmp
free
modf
wcschr
wcsrchr
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
wcslen
_ultow
_wtoi
_purecall
wcscpy
memset
_snwprintf
wcsncat
wcscat

comctl32

ImageList_ReplaceIcon
ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked
ImageList_SetImageCount
CreateToolbarEx
CreateStatusWindowW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetCurrentProcessId
ExitProcess
ReadProcessMemory
ExpandEnvironmentStringsW
DeleteFileW
OpenProcess
EnumResourceTypesW
GetSystemTimeAsFileTime
GetModuleHandleA
GetStartupInfoW
CloseHandle
GetCurrentDirectoryW
SetErrorMode
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
CompareFileTime
GetProcAddress
GetModuleHandleW
LoadLibraryW
SystemTimeToTzSpecificLocalTime
GetWindowsDirectoryW
FileTimeToLocalFileTime
LoadLibraryExW
GetModuleFileNameW
CreateFileW
GetNumberFormatW
GlobalAlloc
LockResource
GetSystemDirectoryW
lstrlenW
WideCharToMultiByte
LocalFree
GetCurrentProcess
GlobalUnlock
GetDateFormatW
lstrcpyW
GetTempPathW
GetLocaleInfoW
LocalFileTimeToFileTime
GlobalLock
GetLastError
FindFirstFileW
SizeofResource
FindNextFileW
FormatMessageW
GetVersionExW
FindClose
FindResourceW
GetTimeFormatW
LoadResource
GetFileAttributesW
WriteFile
EnumResourceNamesW
WritePrivateProfileStringW
GetPrivateProfileIntW
FreeLibrary
GetPrivateProfileStringW
GetStdHandle

user32

MonitorFromWindow
GetMonitorInfoW
DispatchMessageW
DrawTextExW
RemoveMenu
InsertMenuW
ReleaseDC
LoadCursorW
GetSysColorBrush
SetCursor
ShowWindow
GetDC
SetDlgItemInt
GetDlgItemInt
GetWindow
CreateWindowExW
BeginPaint
GetClientRect
EndPaint
SetWindowPos
DrawFrameControl
SendDlgItemMessageW
EndDialog
SetWindowTextW
SetWindowLongW
GetDlgItem
UpdateWindow
SendMessageW
SetDlgItemTextW
GetDlgItemTextW
InvalidateRect
GetSystemMetrics
GetWindowPlacement
GetWindowRect
DeferWindowPos
GetForegroundWindow
LoadAcceleratorsW
DefWindowProcW
RegisterClassW
MessageBoxW
PostMessageW
TranslateAcceleratorW
SetMenu
LoadImageW
LoadIconW
GetSysColor
GetWindowLongW
SetFocus
EndDeferWindowPos
BeginDeferWindowPos
GetParent
GetMenu
EmptyClipboard
MoveWindow
EnableMenuItem
GetSubMenu
GetClassNameW
OpenClipboard
InsertMenuItemW
CheckMenuItem
GetMenuItemCount
SetClipboardData
GetMenuStringW
EnableWindow
MapWindowPoints
GetCursorPos
CheckMenuRadioItem
CloseClipboard
LoadMenuW
ModifyMenuW
GetDlgCtrlID
GetMenuItemInfoW
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
SetMenuItemInfoW
CreatePopupMenu
GetKeyState
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
IsDialogMessageW
TranslateMessage
ChildWindowFromPoint

gdi32

GetTextExtentPoint32W
GetStockObject
SetBkColor
StretchBlt
SetStretchBltMode
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectW
DeleteDC
SetPixel
GetPixel
SelectObject
DeleteObject
SetTextColor
CreateFontIndirectW
GetDeviceCaps
SetBkMode

comdlg32

ChooseFontW
FindTextW
GetSaveFileNameW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHGetMalloc

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
valid_methods/UserAssistView.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
valid_methods/VideoCacheView.exe
.exe windows:4 windows x86 arch:x86

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

66:4b:84:7c:df:ec:c8:fb:dd:10:fb:4c:e9:dc:bb:91:ef:36:13:5d:4d:01:ed:d4:ba:e9:ee:73:cb:e8:1f:c4
Signer

Actual PE Digest

66:4b:84:7c:df:ec:c8:fb:dd:10:fb:4c:e9:dc:bb:91:ef:36:13:5d:4d:01:ed:d4:ba:e9:ee:73:cb:e8:1f:c4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
valid_methods/WebCacheImageInfo.exe
.exe windows:4 windows x86 arch:x86

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8b:08:68:2b:6c:52:6a:89:7b:1f:41:54:7d:cf:12:ea:b1:6a:9a:f7:e7:7d:81:e5:26:ae:c1:c5:e1:70:25:50
Signer

Actual PE Digest

8b:08:68:2b:6c:52:6a:89:7b:1f:41:54:7d:cf:12:ea:b1:6a:9a:f7:e7:7d:81:e5:26:ae:c1:c5:e1:70:25:50

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
valid_methods/WhatInStartup.exe
.exe windows:4 windows x64 arch:x64

e5d2f07a34e93db9597ffc4bdab6ac2e

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a1:a3:e7:28:0e:0a:2d:f1:2f:84:30:96:49:82:05:19
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

17/09/2012, 00:00

Not After

17/09/2014, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ea:6b:36:8e:81:28:22:8f:bd:3a:ab:03:a1:e3:ce:03:14:6f:66:85
Signer

Actual PE Digest

ea:6b:36:8e:81:28:22:8f:bd:3a:ab:03:a1:e3:ce:03:14:6f:66:85

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\projects\vs2005\whatinstartup\x64\release\WhatInStartup.pdb

Imports

msvcrt

_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
_wcslwr
strlen
qsort
_itow
__setusermatherr
_commode
_fmode
__set_app_type
malloc
_memicmp
free
wcschr
modf
memcmp
wcstoul
wcsrchr
wcscmp
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memcpy
wcslen
_purecall
_wtoi
_wcsicmp
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_AddMasked
CreateStatusWindowW
ord17
ImageList_Create
ImageList_SetImageCount
CreateToolbarEx

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

FindNextChangeNotification
SearchPathW
RemoveDirectoryW
EnumResourceTypesW
Sleep
WinExec
GetCurrentThreadId
FindFirstChangeNotificationW
WaitForSingleObject
FindCloseChangeNotification
MoveFileW
ResetEvent
CreateEventW
GetStartupInfoW
GetFileSize
ReadProcessMemory
GetProcessTimes
OpenProcess
CloseHandle
CompareFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetProcAddress
FreeLibrary
LoadLibraryW
FormatMessageW
GetVersionExW
FindNextFileW
FindFirstFileW
GetModuleHandleW
GetTimeFormatW
FindClose
GetFileAttributesW
WriteFile
ReadFile
GetModuleFileNameW
GetWindowsDirectoryW
CreateFileW
FindResourceW
LoadResource
LocalFree
GlobalAlloc
LoadLibraryExW
GetNumberFormatW
lstrcpyW
lstrlenW
LockResource
SetFileAttributesW
WideCharToMultiByte
GlobalUnlock
GetTempPathW
GetLocaleInfoW
CreateDirectoryW
GetDateFormatW
GlobalLock
SizeofResource
GetTempFileNameW
GetLastError
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
DeleteFileW
SetErrorMode
CreateProcessW
GetComputerNameW
ExitProcess
GetCurrentProcessId
GetCurrentProcess

user32

SetForegroundWindow
AttachThreadInput
EnumWindows
GetWindowThreadProcessId
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetWindowTextW
GetMessageW
SetDlgItemTextW
BeginPaint
GetDlgItemTextW
GetClientRect
GetSystemMetrics
DeferWindowPos
CreateWindowExW
SendDlgItemMessageW
EndDialog
GetWindowRect
GetDlgItem
GetDlgItemInt
InvalidateRect
EndPaint
GetWindow
DrawFrameControl
SetDlgItemInt
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
PostMessageW
SendMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetWindowPlacement
SetMenu
LoadImageW
GetWindowLongW
SetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetMenuItemCount
CheckMenuItem
GetMenuStringW
GetCursorPos
SetClipboardData
GetSysColor
EnableWindow
MapWindowPoints
CloseClipboard
GetMenu
EmptyClipboard
GetDC
EnableMenuItem
GetSubMenu
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
GetDlgCtrlID
DestroyMenu
GetParent
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
SetWindowPos
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
DestroyIcon
LoadIconW
IsDialogMessageW
DispatchMessageW
SetTimer
TranslateMessage
DrawTextExW
FindWindowW
IsWindowVisible
KillTimer
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
UpdateWindow

gdi32

SetBkMode
DeleteObject
GetStockObject
GetTextExtentPoint32W
SetBkColor
SelectObject
GetDeviceCaps
SetTextColor
CreateFontIndirectW

comdlg32

FindTextW
GetSaveFileNameW
GetOpenFileNameW

advapi32

RegLoadKeyW
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegUnLoadKeyW
RegQueryValueExW
RegNotifyChangeKeyValue

shell32

ShellExecuteW
Shell_NotifyIconW
ShellExecuteExW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
valid_methods/WinDefThreatsView.cfg
valid_methods/WinDefThreatsView.exe
.exe windows:4 windows x64 arch:x64

2cc230829837d561baa83269873acd4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\WinDefThreatsView\x64\Release\WinDefThreatsView.pdb

Imports

msvcrt

__wgetmainargs
_wcmdln
exit
_cexit
_exit
_initterm
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
_wtoi64
_wcslwr
strlen
__setusermatherr
_commode
_fmode
__set_app_type
_c_exit
qsort
_wcsnicmp
free
_wcsicmp
modf
wcschr
memcmp
wcsrchr
wcstoul
wcscmp
malloc
_memicmp
swscanf
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memcpy
wcslen
_ultow
_itow
_purecall
_snwprintf
wcscat
memset
wcscpy
_wtoi
wcsncat

comctl32

ImageList_AddMasked
CreateStatusWindowW
CreateToolbarEx
ImageList_SetImageCount
ImageList_Create
ord17
ImageList_Add

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

GetExitCodeProcess
SetErrorMode
WaitForSingleObject
ExitProcess
GetCurrentProcessId
ReadProcessMemory
OpenProcess
EnumResourceTypesW
GetStartupInfoW
LocalFree
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetTickCount
lstrcpyW
GlobalUnlock
GetTempPathW
GlobalLock
SizeofResource
FormatMessageW
GetLastError
GetVersionExW
GetTimeFormatW
GetFileAttributesW
WriteFile
FindResourceW
LoadResource
GetModuleFileNameW
SystemTimeToTzSpecificLocalTime
LoadLibraryExW
CreateFileW
CloseHandle
GlobalAlloc
GetWindowsDirectoryW
GetSystemDirectoryW
FileTimeToLocalFileTime
GetDateFormatW
WideCharToMultiByte
lstrlenW
GetCurrentProcess
LockResource
EnumResourceNamesW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetStdHandle
GetDriveTypeW
DeleteFileW

user32

ChildWindowFromPoint
GetDC
ReleaseDC
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
SetWindowPos
GetWindow
SendDlgItemMessageW
EndDialog
GetDlgItem
DrawFrameControl
SetWindowTextW
UpdateWindow
SendMessageW
InvalidateRect
SetDlgItemTextW
GetWindowRect
GetDlgItemTextW
SetWindowLongPtrW
GetDlgItemInt
GetWindowPlacement
GetSystemMetrics
SetDlgItemInt
EndPaint
DeferWindowPos
BeginPaint
CreateWindowExW
GetClientRect
SetMenu
TranslateAcceleratorW
GetForegroundWindow
LoadAcceleratorsW
DefWindowProcW
RegisterClassW
PostMessageW
MessageBoxW
LoadImageW
DestroyIcon
GetSysColor
SetWindowLongW
GetWindowLongW
BeginDeferWindowPos
EndDeferWindowPos
SetFocus
GetParent
KillTimer
SetTimer
OpenClipboard
GetClassNameW
GetSubMenu
CheckMenuItem
GetMenuItemCount
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
GetMenuStringW
CloseClipboard
MoveWindow
GetMenu
EmptyClipboard
EnableMenuItem
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
LoadIconW
GetKeyState
DispatchMessageW
RegisterWindowMessageW
IsDialogMessageW
TrackPopupMenu
PostQuitMessage
TranslateMessage
GetMessageW
DrawTextExW
MonitorFromWindow
GetMonitorInfoW
SetForegroundWindow

gdi32

DeleteDC
SetPixel
GetObjectW
CreateFontIndirectW
GetDeviceCaps
SetBkMode
DeleteObject
GetPixel
SetTextColor
GetTextExtentPoint32W
GetStockObject
SetBkColor
SetStretchBltMode
CreateCompatibleBitmap
StretchBlt
SelectObject
CreateCompatibleDC

comdlg32

ChooseFontW
FindTextW
GetSaveFileNameW

advapi32

OpenProcessToken
GetTokenInformation

shell32

SHGetFileInfoW
ShellExecuteW
ShellExecuteExW
Shell_NotifyIconW

ole32

CoSetProxyBlanket
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
SafeArrayDestroy
SafeArrayPutElement
SysAllocString
SafeArrayCreate
SysFreeString

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
valid_methods/WinLiveInfo.exe
.exe windows:4 windows x64 arch:x64

Code Sign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b8:e9:a2:14:3d:b3:17:cf:00:87:e3:f7:36:b4:16:05
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

20/02/2020, 00:00

Not After

19/02/2022, 23:59

Subject

CN=Katsavounidis Konstantinos,O=Katsavounidis Konstantinos,POSTALCODE=55535,STREET=32 Bizaniou Street,L=Pylaia,ST=Thessaloniki,C=GR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

01/02/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:18:78:83:ef:f4:3e:40:42:cc:c5:81:9a:05:b9:87
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

28/01/2021, 11:04

Not After

01/03/2032, 11:04

Subject

CN=Globalsign TSA for MS Authenticode advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b9:f8:82:4a:a9:37:a1:17:70:75:44:c4:2c:2d:12:df:6a:d0:62:77:71:27:f9:dc:fb:6d:58:5e:c2:b1:b1:ae
Signer

Actual PE Digest

b9:f8:82:4a:a9:37:a1:17:70:75:44:c4:2c:2d:12:df:6a:d0:62:77:71:27:f9:dc:fb:6d:58:5e:c2:b1:b1:ae

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
valid_methods/WinPrefetchView.exe
.exe windows:4 windows x64 arch:x64

89421e1903928ddf253a9167e7b060ae

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3e:cd:71:53:7c:7a:f0:f6:c0:04:a5:23:78:6c:fe:79:4f:87:5a:63:96:46:51:60:0c:56:02:a3:0d:4a:25:99
Signer

Actual PE Digest

3e:cd:71:53:7c:7a:f0:f6:c0:04:a5:23:78:6c:fe:79:4f:87:5a:63:96:46:51:60:0c:56:02:a3:0d:4a:25:99

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\Projects\VS2005\WinPrefetchView\x64\Release\WinPrefetchView.pdb

Imports

msvcrt

_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__setusermatherr
_onexit
__dllonexit
strlen
qsort
_wcslwr
wcstoul
wcsrchr
wcscmp
_ultow
_memicmp
_commode
_fmode
__set_app_type
__C_specific_handler
malloc
_wcsicmp
free
modf
wcschr
memcmp
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memcpy
wcslen
_itow
_wcsnicmp
_purecall
_wtoi
wcscpy
memset
_snwprintf
wcsncat
wcscat

comctl32

ord17
ImageList_AddMasked
ImageList_SetImageCount
ImageList_Create
CreateStatusWindowW
CreateToolbarEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetDriveTypeW
GetVolumeInformationW
QueryDosDeviceW
GetLongPathNameW
GetLogicalDrives
GetCurrentProcessId
ExitProcess
OpenProcess
EnumResourceTypesW
GetStartupInfoW
GlobalAlloc
ReadProcessMemory
GetCurrentProcess
SetErrorMode
GlobalFree
CompareFileTime
SystemTimeToFileTime
LoadLibraryW
FileTimeToSystemTime
GetProcAddress
FreeLibrary
SystemTimeToTzSpecificLocalTime
CreateFileW
LoadLibraryExW
CloseHandle
GetSystemDirectoryW
GetWindowsDirectoryW
FileTimeToLocalFileTime
WideCharToMultiByte
lstrlenW
LocalFree
GetNumberFormatW
LockResource
lstrcpyW
GetDateFormatW
GlobalUnlock
GetTempFileNameW
GetLocaleInfoW
GetTempPathW
GlobalLock
GetFileSize
SizeofResource
FormatMessageW
FindFirstFileW
GetLastError
GetVersionExW
GetModuleHandleW
GetTimeFormatW
FindNextFileW
GetFileAttributesW
FindClose
WriteFile
FindResourceW
ReadFile
LoadResource
GetModuleFileNameW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetPrivateProfileStringW
DeleteFileW

user32

FillRect
SetCapture
ReleaseCapture
RegisterClipboardFormatW
DrawTextExW
ChildWindowFromPoint
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
SetWindowTextW
DispatchMessageW
UpdateWindow
SetDlgItemTextW
BeginPaint
GetDlgItemTextW
GetClientRect
GetSystemMetrics
DeferWindowPos
CreateWindowExW
SendDlgItemMessageW
EndDialog
GetWindowRect
GetDlgItem
GetDlgItemInt
InvalidateRect
EndPaint
GetWindow
DrawFrameControl
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
PostMessageW
SendMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetWindowPlacement
SetMenu
LoadImageW
SetWindowLongW
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
CloseClipboard
GetMenu
GetParent
EmptyClipboard
MoveWindow
EnableMenuItem
GetDC
OpenClipboard
ReleaseDC
GetClassNameW
GetSubMenu
CheckMenuItem
GetMenuItemCount
SetClipboardData
GetCursorPos
EnableWindow
MapWindowPoints
GetSysColor
GetMenuStringW
ScreenToClient
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
SetWindowPos
LoadIconW
DestroyIcon
GetFocus
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
IsDialogMessageW
TranslateMessage
SetDlgItemInt

gdi32

DeleteObject
GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
PatBlt
SelectObject
CreateSolidBrush
SetTextColor
CreateFontIndirectW
SetBkMode

comdlg32

FindTextW
GetSaveFileNameW

shell32

SHGetMalloc
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
valid_methods/journal-tool.exe
.exe windows:6 windows x64 arch:x64

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:8c:52:ec:df:d9:ae:65:be:45:96:45:8b:4c:31:af
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/12/2021, 00:00

Not After

16/12/2022, 23:59

Subject

SERIALNUMBER=13017981,CN=Inspect Element Ltd,O=Inspect Element Ltd,L=POOLE,C=GB,1.3.6.1.4.1.311.60.2.1.3=#13024742,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ae:b0:d3:11:06:0f:81:c0:90:8a:80:09:1d:6e:b8:c9:fb:6c:f9:db:37:ef:b0:ed:2d:41:9f:18:3a:c3:0b:f6
Signer

Actual PE Digest

ae:b0:d3:11:06:0f:81:c0:90:8a:80:09:1d:6e:b8:c9:fb:6c:f9:db:37:ef:b0:ed:2d:41:9f:18:3a:c3:0b:f6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

_cgo_dummy_export
glowDebugCallback_glcore32
goCharCB
goCharModsCB
goCursorEnterCB
goCursorPosCB
goDropCB
goErrorCB
goFramebufferSizeCB
goJoystickCB
goKeyCB
goMarkdownImageCallback
goMonitorCB
goMouseButtonCB
goScrollCB
goWindowCloseCB
goWindowContentScaleCB
goWindowFocusCB
goWindowIconifyCB
goWindowMaximizeCB
goWindowPosCB
goWindowRefreshCB
goWindowSizeCB
iggAssert
iggInputTextCallback
iggIoGetClipboardText
iggIoSetClipboardText

Sections

.text
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 618KB - Virtual size: 617KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 8.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 754B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 15KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
valid_methods/regscanner.cfg
valid_methods/tcpview64.exe
.exe windows:6 windows x64 arch:x64

5e3837ab1131c4430d2981643ad233ba

Code Sign

33:00:00:01:df:6b:f0:2e:92:a7:4a:b4:d0:00:00:00:00:01:df
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:31

Not After

02/12/2021, 21:31

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ce:14:ca:3a:e1:6d:97:f2:14:51:b5:87:37:6d:5e:94:cd:21:9e:a0:4c:20:f6:53:7c:fb:e9:98:62:f3:ec:82
Signer

Actual PE Digest

ce:14:ca:3a:e1:6d:97:f2:14:51:b5:87:37:6d:5e:94:cd:21:9e:a0:4c:20:f6:53:7c:fb:e9:98:62:f3:ec:82

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\1\s\exe\x64\Release\TcpView64.pdb

Imports

kernel32

CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
FreeLibrary
LoadLibraryExA
LoadLibraryExW
TrySubmitThreadpoolCallback
MultiByteToWideChar
WideCharToMultiByte
LocalFree
FormatMessageW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetNumberFormatEx
GetCommandLineW
CreateDirectoryW
SetThreadPriority
SetPriorityClass
GetModuleFileNameA
GetModuleHandleExW
LoadLibraryW
lstrcmpW
DecodePointer
QueryFullProcessImageNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
lstrcmpiW
CreateThread
TerminateThread
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetTickCount64
FileTimeToSystemTime
WriteConsoleW
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetFileSize
GetThreadContext
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetFileType
SetConsoleCtrlHandler
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
TryAcquireSRWLockShared
TryAcquireSRWLockExclusive
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
GetStringTypeW
FormatMessageA
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
SetFilePointer
DebugBreak
VirtualQuery
VirtualFree
VirtualProtect
VirtualAlloc
FlushInstructionCache
GetACP
SuspendThread
IsWow64Process
WriteProcessMemory
ReadProcessMemory
VirtualQueryEx
VirtualProtectEx
VirtualAllocEx
OpenProcess
CreateProcessW
CreateProcessA
ResumeThread
GetExitCodeProcess
TerminateProcess
ExitProcess
WaitForSingleObject
GetEnvironmentVariableW
GetEnvironmentVariableA
VerifyVersionInfoW
lstrlenW
GetCurrentThread
CloseHandle
GetTempPathW
WriteFile
CreateFileW
VerSetConditionMask
GetModuleFileNameW
GetCurrentThreadId
RtlUnwind
DeleteCriticalSection
InitializeCriticalSectionEx
SetThreadContext
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
WritePrivateProfileStructW
GetPrivateProfileStructW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetCurrentProcess
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
GlobalLock
GlobalUnlock
IsValidCodePage
GlobalAlloc

user32

RemoveMenu
AppendMenuW
GetMenuItemID
GetSubMenu
CreatePopupMenu
LoadMenuW
LoadAcceleratorsW
GetKeyState
CharNextW
CharLowerW
PostQuitMessage
GetMessagePos
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
DrawFrameControl
SetMenuDefaultItem
LoadStringA
LoadIconW
SetRectEmpty
DestroyIcon
MonitorFromPoint
UnhookWindowsHookEx
MessageBoxW
LockWindowUpdate
GetMenuItemInfoW
ModifyMenuW
GetMenuItemCount
GetMenuStringW
SetMenu
GetMenu
TranslateAcceleratorW
GetActiveWindow
GetDlgCtrlID
DialogBoxParamW
GetWindowDC
MessageBeep
GetCursorPos
ScreenToClient
DrawEdge
WindowFromPoint
GetWindowThreadProcessId
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
SendMessageW
DestroyMenu
CheckMenuRadioItem
EnableWindow
GetScrollInfo
CreateDialogParamW
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsMenu
IsWindow
LoadStringW
GetMonitorInfoW
MonitorFromWindow
SetMenuItemInfoW
GetSysColor
LoadImageW
DrawIconEx
GetIconInfo
DefWindowProcW
CallWindowProcW
UnregisterClassW
GetWindow
MapWindowPoints
GetWindowRect
SetDlgItemTextW
EndDialog
GetAncestor
SystemParametersInfoW
RegisterWindowMessageW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
SetFocus
GetFocus
SetTimer
KillTimer
DrawTextW
BeginPaint
EndPaint
InvalidateRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
GetWindowLongPtrW
SetWindowLongPtrW
GetParent
SetScrollInfo
CallNextHookEx
SetWindowsHookExW
GetClassNameW
SetWindowLongW
GetWindowLongW
PtInRect
OffsetRect
InflateRect
CopyRect
FrameRect
FillRect
DrawFocusRect
ShowScrollBar
SetScrollPos
ValidateRect
ReleaseDC
GetDC
UpdateWindow
TrackPopupMenuEx
GetSystemMetrics
IsWindowEnabled
ReleaseCapture
SetCapture
GetDlgItem
IsWindowVisible
SetWindowPos
MoveWindow
ShowWindow
IsChild
PostMessageW
GetSysColorBrush
LoadCursorW

gdi32

PatBlt
ExcludeClipRect
Polyline
SetBrushOrgEx
CreatePatternBrush
CreateBitmap
CreateDIBSection
GetCurrentObject
Polygon
TextOutW
MoveToEx
GetTextMetricsW
SetTextAlign
LineTo
GetStockObject
CreatePen
CreateSolidBrush
GetObjectW
SetTextColor
SetBkMode
CreateFontIndirectW
SetViewportOrgEx
ExtTextOutW
SetBkColor
SelectObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
DeleteDC

comdlg32

ChooseFontW
GetSaveFileNameW
GetOpenFileNameW

advapi32

OpenTraceW
GetTokenInformation
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
CloseTrace
ProcessTrace
OpenProcessToken
ControlTraceW
StartTraceW

shell32

ExtractIconExW
SHGetFolderPathW
ShellExecuteW
SHGetStockIconInfo
ExtractIconW

ole32

CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoTaskMemRealloc

oleaut32

SysFreeString
VarUI4FromStr

comctl32

ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_DrawIndirect
CreateStatusWindowW
InitCommonControlsEx
ImageList_Draw

uxtheme

IsThemeActive
IsAppThemed
SetWindowTheme

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

iphlpapi

GetOwnerModuleFromTcpEntry
GetExtendedUdpTable
GetOwnerModuleFromUdpEntry
GetOwnerModuleFromTcp6Entry
GetOwnerModuleFromUdp6Entry
SetTcpEntry
GetExtendedTcpTable

ws2_32

getservbyport
gethostname
WSAStartup
send
getaddrinfo
htons
connect
closesocket
ntohs
WSAGetLastError
freeaddrinfo
recv
GetNameInfoW
socket

tdh

TdhGetEventInformation
TdhGetPropertySize

Sections

.text
Size: 906KB - Virtual size: 906KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
valid_methods/valid methods/Cheat_Detections (1).txt
valid_methods/valid methods/Cmd_Forensics.txt
valid_methods/valid methods/Data_Usage.txt
valid_methods/valid methods/File_Recovery.txt
valid_methods/valid methods/Memory_Forensics.txt
valid_methods/valid methods/Redlotus (1).txt
valid_methods/valid methods/event_reviewr_journal_method__2.txt
valid_methods/valid methods/how_to_find_people_tyring_to_hide_cheats_1.txt
valid_methods/valid methods/methods.rar
.rar
valid_methods/valid methods/pcchecking.txt

Sharing

General

Malware Config

Signatures

Files

5687dd5c985b7ec94db31a8dd21988eb

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate

Extended Key Usages

Key Usages

b9:fe:9a:bf:a1:50:99:c0:e4:54:ec:23:54:73:0c:f2:0b:0b:e3:98Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 1024B - Virtual size: 6KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 12KB - Virtual size: 11KB

d78ccdb172ccf7d0b2e0ac4925dc1b6a

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

fe:f2:aa:bb:7f:53:25:0d:77:b2:3d:cc:30:08:67:0e:f1:02:4e:b4:7b:bb:f4:4d:eb:2c:47:b5:27:a7:28:11Signer

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 46KB - Virtual size: 46KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 1KB - Virtual size: 6KB

.rsrc Size: 27KB - Virtual size: 27KB

d5309dcabae4629d63f2b007b4cd884b

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

b9:fe:9a:bf:a1:50:99:c0:e4:54:ec:23:54:73:0c:f2:0b:0b:e3:98
Signer

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 1024B - Virtual size: 6KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 12KB - Virtual size: 11KB

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

fe:f2:aa:bb:7f:53:25:0d:77:b2:3d:cc:30:08:67:0e:f1:02:4e:b4:7b:bb:f4:4d:eb:2c:47:b5:27:a7:28:11
Signer

.text
Size: 46KB - Virtual size: 46KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 1KB - Virtual size: 6KB

.rsrc
Size: 27KB - Virtual size: 27KB

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

59:12:0b:0c:86:d6:98:a5:84:46:4e:b2:67:cc:c3:0e:ae:77:65:ee:21:8f:e3:48:b8:5c:fe:0b:af:c0:dd:6a
Signer

.text
Size: 74KB - Virtual size: 73KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 1KB - Virtual size: 7KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 21KB - Virtual size: 20KB

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

0e:27:ce:0c:26:20:15:7d:6c:5c:82:01:72:2b:2e:f7:d0:f7:b4:b8:05:44:c3:51:87:a2:f8:9b:59:0e:6e:64
Signer

.text
Size: 359KB - Virtual size: 358KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 8KB - Virtual size: 16KB

.pdata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 26KB - Virtual size: 26KB